6 matches found
CVE-2026-15300
CVE-2026-15300 affects the GEO my WP WordPress plugin up to version 4.5.4. An SQL injection exists via the distance, lat, and lng parameters. Values are read from $_SERVER['QUERY_STRING'] with parse_str(), then passed through bare esc_sql() and interpolated into unquoted numeric positions in the ...
EUVD-2026-42807
The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $SERVER'QUERYSTRING' via parsestr bypassing wpmagicquotes, which does not cover $SERVER, then passed through bare...
EUVD-2023-60559
Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, typeid, distance, facilities, categories, prices, location, and Itemid. Attackers can...
CVE-2023-41507
Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters...
Exploit for SQL Injection in Superstorefinder Super_Store_Finder
CVE-2023-41507 CVE-2023-41507 - Super Store Finder v3.6 was di...
Super Store Finder SQL Injection Vulnerability
Super Store Finder is an easy-to-use Google Maps API store locator program Super Store Finder by Super Store Finder. A security vulnerability exists in Super Store Finder version v3.6, which stems from an SQL injection vulnerability in the store locator component that contains multiple SQL...